Why The U.S. Needs A Strategy For Fighting Cyberwars

The U.S. needs to develop a doctrine to deal with the growing
threat of cyberattacks in both the public and private sector,
former Secretary of Homeland Security Michael Chertoff said
today.

Speaking at a New York luncheon hosted by Big Data analytics
company Opera Solutions, Chertoff said the U.S. needs a set of
principles to deal with the 21st century security landscape that
includes both physical and cyber threats from an array of actors,
including states, terrorists, hacktivists, and "teenagers on a
joy ride."

Recent cyber attacks against
Lockheed Martin,
Nasdaq, and the
CIA and U.S. Senate websites have raised public awareness
about cyber threats, but Chertoff argues that these network hacks
are only the tip of the iceberg. A more terrifying scenario, he
said, would be a cyber attack that targets the network's
operating system or compromises supply chain for sensitive
information system hardware and software with contaminated chips.

A new cyber-doctrine requires a fresh look at the way the U.S.
collects, mines and analyzes information. The U.S. government —
and particularly the intelligence community — have traditionally
given disproportionate focus to secret information. The military,
intelligence and law enforcement agencies and the military have
not yet started to use the massive amount of data and
intelligence that is readily available on open-source networks.

If the government can find a way to couple that information with
its high-level expertise and sophisticated analytic tools, it
would be possible to see trends and potential red flags that
aren't included in intelligence reports, Chertoff said. The Arab
Spring revolutions, for example, might have been possible to
predict if the U.S. had been looking in the right places.

Public and private partnerships are essential to sharing
information and data that could thwart a cyber attack, Chertoff
added. Given the possible
scope of a cyberterrorism, "interdependence is critical," he
said, but outdated regulations and legal barriers hamper
public-private collaborations and impede the government's ability
to mine open-source data.

"Lawyers get really risk-averse — it's a very frustrating process
for everybody," Chertoff told reporters after the lunch. "We
ought to take a fresh look at these regulations to align with the
current architecture of our systems, instead of treating it as if
every regulation is holy writ."